Adobe has released updates for Adobe Acrobat, Reader, and Flash that resolve a total of 42 security vulnerabilities. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version.

A vulnerability is rated as Critical when it could allow attackers to remotely execute code on an affected machine. This would allow them to execute almost any command on the remote computer without the knowledge of the owner.  

Adobe Security Update Summary:

APSB17-01 Security Updates Available for Adobe Acrobat and Reader

Adobe has released security updates that resolve 29 vulnerabilities in Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

CVE number: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967.

Vulnerability Details:

  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2017-2962).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2950, CVE-2017-2951, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2961).
  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2942, CVE-2017-2945, CVE-2017-2946, CVE-2017-2949, CVE-2017-2959, CVE-2017-2966).
  • These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2948, CVE-2017-2952).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954, CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2967).
  • These updates resolve a security bypass vulnerability (CVE-2017-2947).

APSB17-02 Security updates available for Adobe Flash Player

Adobe has released security updates that resolve 13 vulnerabilities in Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  

CVE number: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938.

Vulnerability Details:

  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).